1. oh no...
great, just GREAT! i think i got some twisted virus that nuked my windows
directory. i lost everything in my windows directory except three files
that start with a 'p'. :P i'm anticipating getting a new PC, so see you soon
- Matt the Cursed
2. Re: oh no...
- Posted by Kat <gertie at PELL.NET>
Nov 30, 2000
-
Last edited Dec 01, 2000
On 30 Nov 2000, at 20:56, Darth Maul, aka Matt wrote:
> great, just GREAT! i think i got some twisted virus that nuked my windows
> directory. i lost everything in my windows directory except three files that
> start with a 'p'. :P i'm anticipating getting a new PC, so see you soon
Such has happened to me too, and i learned:
1) run proxy(s) to filter ALL java* and all activex from anything going to any
application that is scriptable.
2) don't run anything scriptable that you cannot filter scripts out of.
(scripts are a great way to get a trojan or a virus onto a puter, if they aren't
viruses themselves)
3) run a firewall, ESPECIALLY on a winbox.
> - Matt the Cursed
Kat the Wiser
3. Re: oh no...
- Posted by Liona Kerslake <paulk at UNISERVE.COM>
Nov 30, 2000
-
Last edited Dec 01, 2000
Will the reign of terror ever end?
I got an e-mail awhile ago from "Undetermined Mail Sender" with no subject,
no information and a file called "EGGKOKEG.EXE". Naturally I deleted it
right away. I learned in Computer Studies, for those with an "always on"
'net connection, hackers can get in easily without a firewall. This is
especially dangerous to networks with a cable 'net connection. I've got a
28.8K modem and 10 hrs. a month so I like to think I'm safe! Jes' thought
I'd contribute.
-Thomas
4. Re: oh no...
- Posted by Colin Taylor <ctaylor at RACSA.CO.CR>
Dec 01, 2000
-
Last edited Dec 02, 2000
> Thomas wrote:
> I got an e-mail awhile ago from "Undetermined Mail Sender" with no
subject,
> no information and a file called "EGGKOKEG.EXE". >
I got it too.
Colin
5. Re: oh no...
- Posted by Bernie <xotron at PCOM.NET>
Dec 01, 2000
-
Last edited Dec 02, 2000
So did I but I deleted it
6. Re: oh no...
On 1 Dec 2000, at 20:52, Bernie wrote:
> So did I but I deleted it
Did anyone save the smtp headers? Where did it come from?
Kat
7. Re: oh no...
- Posted by Dan B Moyer <DANMOYER at PRODIGY.NET>
Dec 01, 2000
-
Last edited Dec 02, 2000
I didn't get that post, but I do often get similar ones, from "Undetermined
Mail Sender, but I've discovered that they are actual posts from list
members, maybe with mangled headers (?), which I have filtered into a folder
called "from server"; when I realize they're there, I have been "checking
them out" by using Outlook Express "properties" button and "details", and
then "message source", which not only shows the mail header, but also the
message. I have been thinking this is a "safe" way to read such email
without opening it, but now I'm wondering if that's true. Any thoughts?
Dan
----- Original Message -----
From: "Kat" <gertie at PELL.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Friday, December 01, 2000 10:41 PM
Subject: Re: oh no...
> On 1 Dec 2000, at 20:52, Bernie wrote:
>
> > So did I but I deleted it
>
> Did anyone save the smtp headers? Where did it come from?
>
> Kat
8. Re: oh no...
On Sat, 2 Dec 2000 00:41:35 -0600, Kat <gertie at PELL.NET> wrote:
>On 1 Dec 2000, at 20:52, Bernie wrote:
>
>> So did I but I deleted it
>
>Did anyone save the smtp headers? Where did it come from?
>
>Kat
It had no header came blank
9. Re: oh no...
Kat
PS - At time I recieved the file, I viewed the data inside the file
and saw a reference to kernel32.exe. So I immedatley deleted
from the file from my system. This file had to be sent to me from
some ones address book because I do not subscribe to any mailing
lists.
Bernie
10. Re: oh no...
------=_NextPart_000_00BF_01C05C20.7B2C8D00
charset="iso-8859-1"
Kat, Here is the message header. - Colin
----- Original Message -----
From: Kat <gertie at PELL.NET>
To: <EUPHORIA at LISTSERV.MUOHIO.EDU>
Sent: Saturday, December 02, 2000 12:41 AM
Subject: Re: oh no...
> On 1 Dec 2000, at 20:52, Bernie wrote:
>
> > So did I but I deleted it
>
> Did anyone save the smtp headers? Where did it come from?
>
> Kat
------=_NextPart_000_00BF_01C05C20.7B2C8D00
name="hdr.txt"
11. Re: oh no...
Kat:
What's kernel32.exe?
Dan:
"I have been thinking this is a "safe" way to read such email
without opening it, but now I'm wondering if that's true. Any thoughts?"
I don't trust e-mails much. Obviously I trust this group. But, doing your
'safe check....I don't know, I personally wouldn't. It seems to me if most
of the people on this list got it, then either someone's either got messed
up e-mails, or someone's going throught a lot of trouble to cause problems.
Not that I'm paranoid.........
--Bye
---Thomas
12. Re: oh no...
On 1 Dec 2000, at 23:38, Dan B Moyer wrote:
> I didn't get that post, but I do often get similar ones, from "Undetermined
> Mail Sender, but I've discovered that they are actual posts from list members,
> maybe with mangled headers (?), which I have filtered into a folder called
> "from server"; when I realize they're there, I have been "checking them out"
> by using Outlook Express "properties" button and "details", and then "message
> source", which not only shows the mail header, but also the message. I have
> been thinking this is a "safe" way to read such email without opening it, but
> now I'm wondering if that's true. Any thoughts?
Just one thought: doing *anything* to the email in Outlook Express is
dangerous, and you could find your puter executing the email. Part of the
problem is the hidden extensions, such as readme.txt.exe , in which
windoze is told by MS, by default, to not show you the ".exe", so when
you open what *looks* like "readme.txt", you exec it. There are some
viruses that need only be handled, not opened, by OE for them to exec,
due to OE looking into them to decide what to do with them. "Properties"
should be safe, but i do not *know* that it is, because, like i said, it is
possible to get OE to exec something just by recieving it totally unopened.
Marginally legal examples of OE exec'ing code behind the scenes is the
"auto-verify receipt when recieved" and "auto-verify receipt when opened"
options in email readers. So-called "user friendly" options include allowing
html src tags to be active, so the email reader will goto the web and
retrieve unknown files, possibly javascript or vbs files, which then exec and
do anything the author wished.
As far as virus scanners of email, some people have reported problems
with them, mostly hanging the puter types of problems. One of my dear
projects i wish i had time to work on is an email proxy, like the http proxies
i have.
When i got Pegasus, i intentionally did not get the plugins for scripting,
forwarding/sorting, or anything other than plain text decode/display.
Btw, Colin sent me the header, it's from Switzerland. Do not expect the
usa to have any clout in Europe/Asia to chase down virus factories, it's not
like it was in the Melissa virus case.
Kat
13. Re: oh no...
On Thu, 30 Nov 2000 21:24:45 -0600, Kat <gertie at PELL.NET> wrote:
>2) don't run anything scriptable that you cannot filter scripts out of.
>(scripts are a great way to get a trojan or a virus onto a puter, if they
aren't
>viruses themselves)
Well, I don't have any scripting programs...actually, I suspect it was a
program called ALINK. Here's what happened:
1) I assembled and linked(into COFF format) a test .ASM file that came
with it. It couldn't find a couple symbols...
2) I try linking my own program and try to get it to link with user32.dll
to no avail
3) I try linking it with some file on the site(win32.lib), it crashes, I
leave my system alone for a while, the DOS prompt crashes, and the next
thing I know, *POOF*!
I hate the universe...
- Matt
14. Re: oh no...
- Posted by George Henry <ghenryca at HOTMAIL.COM>
Dec 02, 2000
-
Last edited Dec 03, 2000
>either someone's either got messed up e-mails, or someone's going throught
>a lot of trouble to cause problems.
My wife got that message, and she is not on this list; on the other hand, I
didn't get it, and I am on the list; so whether you got it or not doesn't
have anything in particular to do with being on this list.
Don't spend too much of your valuable time and neuronal reources thinking
about this.
George
_____________________________________________________________________________________
Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com
15. Re: oh no...
On 2 Dec 2000, at 9:47, Liona Kerslake wrote:
> Kat:
>
> What's kernel32.exe?
Should have been kernal32.dll. It's the core routines of the windoze OS.
Other routines are in other hunks of code, like user32.* and other *.dll and
*.exe.
> Not that I'm paranoid.........
"paranoid" has gotten such a bad reputation. It's aka "covering your
vulnerable parts of your anatomy", "being prepared" (Boy Sprout motto),
"taking birth control or vitamin pills", "getting a flu shot", "using an
internet
firewall", "an apple a day keeps the doctor away", etc....
Kat,
appropriately paranoid.
16. Re: oh no...
On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote:
>On 2 Dec 2000, at 9:47, Liona Kerslake wrote:
>
>> Kat:
>>
>> What's kernel32.exe?
>
>Should have been kernal32.dll. It's the core routines of the windoze OS.
>Other routines are in other hunks of code, like user32.* and other *.dll
and
>*.exe.
You're sure? Last time I checked before my Windoze dir got nuked, it was
Kernel32.dll.
17. Re: oh no...
- Posted by Kat <gertie at PELL.NET>
Dec 02, 2000
-
Last edited Dec 03, 2000
On 2 Dec 2000, at 15:17, Darth Maul, aka Matt wrote:
> On Sat, 2 Dec 2000 14:04:23 -0600, Kat <gertie at PELL.NET> wrote:
>
> >On 2 Dec 2000, at 9:47, Liona Kerslake wrote:
> >
> >> Kat:
> >>
> >> What's kernel32.exe?
> >
> >Should have been kernal32.dll. It's the core routines of the windoze OS.
> >Other routines are in other hunks of code, like user32.* and other *.dll
> and
> >*.exe.
>
> You're sure? Last time I checked before my Windoze dir got nuked, it was
> Kernel32.dll.
>
Ok, kernEl32.dll. Happy now?
Kat
18. Re: oh no...
On Sat, 2 Dec 2000 23:06:57 -0600, Kat <gertie at PELL.NET> wrote:
>Ok, kernEl32.dll. Happy now?
okay, okay...geez, a bit touchy today, huh?
